Category: The Register – Security

No longer a blind spot, printer security is now a grown up conversation says Brother Sponsored Feature  As businesses journey deeper into an era of restless digital change, it’s surprising how inventions from past decades still define the office environment.……

Read more →

Settles lawsuit with two states after wider leak that affected millions A DNA diagnostics company will pay $400,000 and tighten its security in the wake of a 2021 attack where criminals broke into its network and swiped personal data on…

Read more →

Tech has changed in 400 years. The rules haven’t Opinion  Mary, Queen of Scots, was a hapless CEO, even by the standards of 1600s Europe. Mother of the first Stuart King of England, James I (and VI of Scotland; let’s…

Read more →

Also: Russia may legalize hacking; Oakland declares ransomware emergency; the CVEs you should know about this week In brief  Web hosting and domain name concern GoDaddy has disclosed a fresh attack on its infrastructure, and concluded that it is one…

Read more →

Eggheads prove they can mimic messages and bag bug bounty bucks Analysis  Over the past two decades, efforts have been made to make email more secure. Alas, defensive protocols implemented during this period, such as SPF, DKIM, and DMARC, remain…

Read more →

Committee: Something about complaints process being dealt with in total secrecy doesn’t sit right Lawmakers in the European Parliament have urged the European Commission not to issue the “adequacy decision” needed for the EU-US Data Privacy Framework (DPF) to officially…

Read more →

In other words, script kiddies up to shenanigans again A series of distributed denial-of-service (DDoS) attacks shut down seven German airports’ websites on Thursday, a day after a major IT glitch at Lufthansa grounded flights.… This article has been indexed…

Read more →

Move along, totally nothing to see here The FBI says it has dealt with a cybersecurity “incident” that reportedly involved computer systems being used to investigate child sexual exploitation.… This article has been indexed from The Register – Security Read…

Read more →

Move along, totally nothing to see here The FBI has confirmed a cyber “incident” that reportedly involved computer systems being used to investigate child sexual exploitation.… This article has been indexed from The Register – Security Read the original article:…

Read more →

Move along, nothing to see here The FBI confirmed a cyber “incident” that reportedly involved computer systems being used to investigate child sexual exploitation.… This article has been indexed from The Register – Security Read the original article: FBI says…

Read more →

Gone in 60 seconds using a USB-A plug and brute force instead of a key Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to…

Read more →

WebKit flaw ‘may have been exploited’ – just like Tim Cook ‘may have’ made a million bucks this week Apple this week released bug-splatting updates to its operating systems and Safari browser, to fix a zero-day vulnerability in its WebKit…

Read more →

In other words, script kiddies up to shenanigans again A series of distributed denial-of-service (DDoS) attacks shut down seven German airports’ websites on Thursday, a day after a major IT glitch at Lufthansa grounded flights.… This article has been indexed…

Read more →

Committee: Something about complaints process being dealt with in total secrecy doesn’t sit right Lawmakers in the European Parliament have urged the European Commission not to issue the “adequacy decision” needed for the EU-US Data Privacy Framework (DPF) to officially…

Read more →

Undisclosed earnings reports swiped, exploited A Russian national with ties to the Kremlin exploited stolen upcoming financial filings belonging to hundreds of companies to help him and his associates net more than $90 million.… This article has been indexed from…

Read more →

ThreatLabz finds free alternative to Cobalt Strike and other tools used in the wild There’s a fresh open-source command-and-control (C2) framework on the loose, dubbed Havoc, as an alternative to the popular Cobalt Strike, and other mostly legitimate tools, that…

Read more →

Committee: Something about complaints process being dealt with in total secrecy doesn’t sit right Lawmakers in the European Parliament have urged the European Commission not to issue the “adequacy decision” needed for the EU-US Data Privacy Framework (DPF) to officially…

Read more →

Switchzilla hardware and software need attention, unless you fancy arbitrary remote code execution Antivirus software is supposed to be an important part of an organization’s defense against the endless tide of malware.… This article has been indexed from The Register…

Read more →

Meanwhile South Korea’s Do Kwon is sought for fraud by US authorities Norwegian authorities announced on Thursday that they had recovered $5.9 million of cryptocurrency stolen in the Axie Infinity hack – an incident widely held to have been perpetrated…

Read more →

Devs missed warnings plus tons of code relying on a lone open source maintainer Google this week reversed an overhaul of one of its security-related file formats after the transition broke Android apps.… This article has been indexed from The…

Read more →

OS won’t start on some systems with ESXi VMs, while Win11 updates may not make it to devices Microsoft is sorting through two issues with Windows Server 2022 that affect VMware virtual machines and updates not getting passed on to…

Read more →

Happy Valentine’s Day! Now don’t get fooled It sounds like the plot of a somewhat far-fetched romcom-slash-thriller Netflix series, maybe billed as You meets Your Place or Mine, dropping just in time for Valentine’s Day.… This article has been indexed…

Read more →

UK-based Coin Publishers were conned out of $206,000 after meeting in a Barcelona hotel Exclusive  When Ahad Shams detailed on Twitter how his company was scammed out of $4 million in cryptocurrency after a face-to-face meeting, Chris Hunter immediately recognized…

Read more →

That’s not what I like Crooks have breached Pepsi Bottling Ventures’ network and, after deploying info-stealing malware, made off with sensitive personal and financial information according to a notification sent to consumers.… This article has been indexed from The Register…

Read more →

Want a clue to what you’re dealing with? Check the ransom note That didn’t take long.… This article has been indexed from The Register – Security Read the original article: ESXiArgs ransomware fights off Team America’s data recovery script

Read more →

Plus bugs squashed in Server Platform Services and more Intel’s Software Guard Extensions (SGX) are under the spotlight again after the chipmaker disclosed several newly discovered vulnerabilities affecting the tech, and recommended users update their firmware.… This article has been…

Read more →

Giving storage platforms enhanced built-in security features will be a significant step toward counteracting the impacts of cybercrime in 2023, Dell experts predict Sponsored Feature  Cybercriminals tend not to discriminate when it comes to the type of data they steal.…

Read more →

Gone in 60 seconds using a USB-A plug and brute force instead of a key Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to…

Read more →

WebKit flaw ‘may have been exploited’ just like Tim Cook ‘may have’ made a million bucks this week Apple this week released bug-splatting updates to its operating systems and Safari browser, to fix a zero-day vulnerability in its WebKit browser…

Read more →

Undisclosed earnings reports swiped, exploited A Russian national with ties to the Kremlin exploited stolen upcoming financial filings belonging to hundreds of companies to help him and his associates net more than $90 million.… This article has been indexed from…

Read more →

Adobe, SAP, Intel, AMD, Android also show up with bouquet of fixes Patch Tuesday  Happy Patch Tuesday for February, 2023, which falls on Valentine’s Day.… This article has been indexed from The Register – Security Read the original article: Microsoft…

Read more →

And growing abuse of cloud – because using hijacked Brazilian cable modems to down sites is so 2013 Dozens of companies over the weekend were hit by distributed denial-of-service (DDoS) attacks, including the largest one yet recorded, or so Cloudflare…

Read more →

Chocolate Factory’s ad tech renovation is moving ahead, like it or not Google on Tuesday began rolling out a beta test of its Privacy Sandbox software for a small portion of Android 13 devices to learn how its purportedly privacy-protecting…

Read more →

Happy Valentine’s Day! Now don’t get fooled It sounds like the plot of a somewhat far-fetched romcom-slash-thriller Netflix series, maybe billed as You meets Your Place or Mine, dropping just in time for Valentine’s Day.… This article has been indexed…

Read more →

That’s not what I like Crooks have breached Pepsi Bottling Ventures’ network and, after deploying info-stealing malware, made off with sensitive personal and financial information according to a notification sent to consumers.… This article has been indexed from The Register…

Read more →

Blames ‘third-party provider’ as phishers drain Ethereum wallets Domain registrar Namecheap blamed a “third-party provider” that sends its newsletters after customers complained of receiving phishing emails from Namecheap’s system.… This article has been indexed from The Register – Security Read…

Read more →

Also: Russian wiper malware authors turn to data theft, plus this week’s critical vulns in brief  The notorious LockBit ransomware gang has taken credit for an attack on the Royal Mail – but a deadline it gave for payment has…

Read more →

Smart-alec worker found a way to avoid nasty, boring jobs – by doing what he was told Who, Me?  Ah, gentle reader, welcome back once again to the comfortable backwater of The Register we call Who, Me? in which readers’…

Read more →

US Commerce Department can’t just let red balloons go by The US Department of Commerce added six more entities to its blacklist on Friday on grounds of national security after an errant Chinese surveillance balloon was shot down over the…

Read more →

NIST weighs up algorithms for small devices – and an architecture for massive systems The US National Institute of Standards and Technology wants to protect all devices great and small, and is getting closer to settling on next-gen cryptographic algorithms…

Read more →

All that data coming soon to a darkweb crime forum near you? Several California medical groups have sent security breach notification letters to more than three million patients alerting them that crooks may have stolen a ton of their sensitive…

Read more →

Demand to display wallet full of coin facilitated mystery heist Ahad Shams, the co-founder of Web3 metaverse gaming engine startup Webaverse, discovered in late November 2022 that someone had stolen $4 million of his cryptocurrency – during a real world…

Read more →

Suomi sentence expected for shrink records theft French police have arrested a 25-year-old Finnish man accused of hacking a psychotherapy clinic, stealing more than 22,000 patients’ therapy notes, demanding ransom payments from them and also leaking this very private info…

Read more →

Any act that sends so much as a ruble to seven named netizens now forbidden The US and UK have sanctioned seven Russians for their alleged roles in disseminating Conti and Ryuk ransomware and the Trickbot banking trojan.… This article…

Read more →

State Dept already has one target, FBI is identifying sources of floating surveillance platform’s components The Chinese surveillance balloon that drifted across the US last week looks set to spark a new round of sanctions against Middle Kingdom tech firms.……

Read more →

The usual suspects – Hikvision and Dahua – named as a risk to national security, prompting the usual denials Australia’s Defence Department removed all Chinese manufactured surveillance cameras after an audit detailed the number of Hikvision and Dahua devices installed…

Read more →

Don’t trust your super-hot military boyfriend you’ve never met. He doesn’t exist As Valentine’s Day approaches, if your offshore oil rig worker “boyfriend” – who looks like Bradley Cooper in his online pics and has hinted at proposing to you…

Read more →

Phishing hooked internal documents, code, and some internal business systems accessed, users’ personal info safe Colourful web forum Reddit has revealed it has suffered a security breach.… This article has been indexed from The Register – Security Read the original…

Read more →

German and Dutch authorities say the app was a favorite of organized criminals and drug smugglers An encrypted messaging service that has been on law enforcement’s radar since a 2019 raid on an old NATO bunker has been shut down…

Read more →

Digital sleuths chop through crypto challenge in ‘surreal’ search A team of codebreakers discovered – and then cracked – more than 50 secret letters written by Mary Stuart, Queen of Scots while she was imprisoned in England by her cousin, Queen…

Read more →

NIST weighs up algorithms for small devices – and an architecture for massive systems The US National Institute of Standards and Technology wants to protect all devices great and small, and is getting closer to settling on next-gen cryptographic algorithms…

Read more →

Evil code hits more than 3,800 servers globally, according to the Feds The US Cybersecurity and Infrastructure Security Agency (CISA) has released a recovery script to help companies whose servers were scrambled in the recent ESXiArgs ransomware outbreak.… This article…

Read more →

The malware has hit more than 3,800 servers globally, according to the Feds The US Cybersecurity and Infrastructure Security Agency (CISA) has released a recovery script to help companies whose servers were scrambled in the recent ESXiArgs ransomware outbreak.… This…

Read more →

Demand to display wallet full of coin facilitated mystery heist Ahad Shams, the co-founder of Web3 metaverse gaming engine startup Webaverse, discovered in late November 2022 that someone had stolen $4 million of his cryptocurrency – during a real world…

Read more →

Suomi sentence expected for shrink records theft French police have arrested a 25-year-old Finnish man accused of hacking a psychotherapy clinic, stealing more than 22,000 patients’ therapy notes, demanding ransom payments from them and also leaking this very private info…

Read more →

German and Dutch authorities say the app was a favorite of organized criminals and drug smugglers An encrypted messaging service that has been on law enforcement’s radar since a 2019 raid on an old NATO bunker has been shut down…

Read more →

‘Perils of the job’ we’re told A top US cyber diplomat said his Twitter account was compromised over the weekend.… This article has been indexed from The Register – Security Read the original article: Embarrassment as US cyber ambassador’s Twitter…

Read more →

Put pro-Putin bots on the do not call list A free tool aims is helping organizations defend against KillNet distributed-denial-of-service (DDoS) bots and comes as the US government issued a warning that the Russian cybercrime gang is stepping up its…

Read more →

How Dell PowerScale helps defend against information breaches Webinar  There was a time when data was stored in cardboard files inside metal filing cabinets. The drawers were locked with a little key in the corner of the cabinet, which generally…

Read more →

Excuse me, citizen, did you packet this data yourself? Opinion  The tech sector is failing at cybersecurity. Global spending on the stuff is at $190 billion a year, a quarter of the US defense budget. That hasn’t stemmed an estimated…

Read more →

Also: Atlassian says Jira has a 9.4 severity bug and the TSA issues milquetoast no-fly list security advisory When a Texas school district sold some old laptops at auction last year, it probably didn’t expect to end up in a…

Read more →

You’ve had almost two years to patch and some of the software is EOL, now attackers déployer un rançongiciel France’s Computer Emergency Response Team has issued a Bulletin D’Alerte regarding a campaign to infect VMware’s ESXI hypervisor with ransomware.… This…

Read more →

From frameworks to new federal offices it’s time to get busy The hack of SolarWinds’ software more than two years ago pushed the threat of software supply chain attacks to the front of security conversations, but is anything being done?.……

Read more →

The campaign illustrates another option for miscreants who had relied on Microsoft macros Malvertising attacks are being used to distribute virtualized .NET loaders that are highly obfuscated and dropping info-stealer malware.… This article has been indexed from The Register –…

Read more →

Same gang pestered US voters during 2020 presidential election Microsoft believes the gang who boasted it had stolen and leaked more than 200,000 Charlie Hebdo subscribers’ personal information is none other than a Tehran-backed gang.… This article has been indexed…

Read more →

Portugal’s biggest exporter of beer warns of restrictions to supply chain Super Bock Group, Portugal’s largest beverage biz, is warning of potential interruption to supplies as it manages the fallout from cybercrooks attacking its tech infrastructure.… This article has been…

Read more →

$4,500 Monero per worker as they slave away while we devotin’ full time to floatin’ under the patch sea A sneaky botnet dubbed HeadCrab that uses bespoke malware to mine for Monero has infected at least 1,200 Redis servers in…

Read more →

… forcing users to insert their cards into less-secure PIN systems The reasons businesses and consumers like contactless payment transactions – high security and speed – are what make those systems bad for cybercriminals.… This article has been indexed from…

Read more →

Crims put a February 4 deadline for software provider to pay up UK regulators are investigating a cyberattack against financial technology firm ION, while the LockBit ransomware gang has threatened to publish the stolen data on February 4 if the…

Read more →

Mango Markets still offline for now … but v4 comeback release looms The man accused of bringing down decentralized crypto exchange Mango Markets through market manipulation has made his first appearance in court in connection with the theft of millions…

Read more →

Once is an accident. Twice is coincidence. Surely there won’t be a third for roadside assistance biz A former employee of RAC, one of Britain’s major roadside recovery service operators, has pleaded guilty to data theft after he stored traffic…

Read more →

Mango Markets still offline for now … but v4 comeback release looms The man accused of bringing down decentralized crypto exchange Mango Markets through market manipulation has made his first appearance in court in connection with the theft of millions…

Read more →

Max reward per project integration is now $30k Google sweetened the potential pot to $30,000 for bug hunters in its open source OSS-Fuzz code testing project.… This article has been indexed from The Register – Security Read the original article:…

Read more →

XPS doc display issues fixed – until the next patch, at least Microsoft this week rolled out fixes to issues caused by security updates released in December 2022 that botched how XPS documents are displayed in various versions of .NET…

Read more →

Floats over missile silos, shooting it down ruled more dangerous than whatever it’s up to Updated  A Chinese high-altitude potential spy balloon, spotted drifting over America, has caused concern about national security – though the US Department of Defense says…

Read more →

Floats over missile silos, shooting it down ruled more dangerous than whatever it’s up to A Chinese high-altitude surveillance balloon, spotted drifting over the US, has caused concern about national security – but the Department of Defense says it will…

Read more →

Once is an accident. Twice is coincidence. Surely there won’t a third incident for roadside assistance company A former employee of RAC, one of Britain’s major roadside recovery service operators, has pleaded guilty to data theft after he stored traffic…

Read more →

Malicious OAuth apps were the tickets into victims’ systems Miscreants using malicious OAuth applications abused Microsoft’s “verified publisher” status to gain access to organizations’ cloud environments, then steal data and pry into to users’ mailboxes, calendars, and meetings.… This article…

Read more →

Crims put a February 4 deadline for software provider to pay up UK regulators are investigating a cyberattack against financial technology firm ION, while the LockBit ransomware gang has threatened to publish the stolen data on February 4 if the…

Read more →

Nickolas Sharp now faces up to 35 years in prison A former Ubiquiti Networks employee accused of hatching an elaborate plot to first steal nearly $2 million from his employer, extort more, then later orchestrating a smear campaign against the…

Read more →

Well what do you know – plenty of hard-nosed regulation by central authorities actually protected investors Collapsed crypto exchange FTX’s Japanese outpost has told customers it will permit them to withdraw assets in February.… This article has been indexed from…

Read more →

How to keep unstructured data secure Webinar  If your IT team is making new year resolutions, one of them might be to ramp up safeguarding measures for the increasing amount of unstructured data being captured by businesses and organizations.… This…

Read more →

The campaign illustrates another option for miscreants who had relied on Microsoft macros Malvertising attacks are being used to distribute virtualized .NET loaders that are highly obfuscated and dropping info-stealer malware.… This article has been indexed from The Register –…

Read more →

It’s listed alongside issues like tackling gang violence, drugs, and sex crimes South Korea’s Ministry of Justice will create a “Virtual Currency Tracking System” to crack down on money laundering facilitated by cryptocurrencies, and rated the establishment of the facility…

Read more →

Portugal’s biggest exporter of beer warns of retrictions to supply chain Super Bock Group, Portugal’s largest beverage biz, is warning of potential interruption to supplies as it manages the fallout from cybercrooks attacking its tech infrastructure.… This article has been…

Read more →

Max reward per project integration is now $30k Google sweetened the potential pot to $30,000 for bug hunters in its open source OSS-Fuzz code testing project.… This article has been indexed from The Register – Security Read the original article:…

Read more →

XPS doc display issues fixed – until the next patch, at least Microsoft this week rolled out fixes to issues caused by security updates released in December 2022 that botched how XPS documents are displayed in various versions of .NET…

Read more →

Malicious OAuth apps were the tickets into victims’ systems Miscreants using malicious OAuth applications abused Microsoft’s “verified publisher” status to gain access to organizations’ cloud environments, then steal data and pry into to users’ mailboxes, calendars, and meetings.… This article…

Read more →

Ballmer thought this kernel was cancer, Nadella may disagree Organizations using Microsoft’s Defender for Endpoint will now be able to isolate Linux devices from their networks to contain intrusions and whatnot.… This article has been indexed from The Register –…

Read more →

Ballmer thought Linux was ‘cancer,’ Nadella disagrees Organizations using Microsoft’s Defender for Endpoint will now be able to isolate Linux devices from their networks to stop miscreants from remotely connecting to them.… This article has been indexed from The Register…

Read more →

Well what do you know – plenty of hard-nosed regulation by central authorities actually protected investors Collapsed crypto exchange FTX’s Japanese outpost has told customers it will permit them to withdraw assets in February.… This article has been indexed from…

Read more →

How to keep unstructured data secure Webinar  If your IT team is making new year resolutions, one of them might be to ramp up safeguarding measures for the increasing amount of unstructured data being captured by businesses and organizations.… This…

Read more →

Well what do you know – plenty of hard-nosed regulation by central authorities actually protected investors Collapsed crypto exchange FTX’s Japanese outpost has told customers it will permit them to withdraw assets in February.… This article has been indexed from…

Read more →

It’s listed alongside issues like tackling gang violence, drugs, and sex crimes South Korea’s Ministry of Justice will create a “Virtual Currency Tracking System” to crack down on money laundering facilitated by cryptocurrencies, and rated the establishment of the facility…

Read more →

Schools’ laptops are out if this one gets around, but beware bricking Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SHI1MMER.… This article has been…

Read more →

Salary report shows OKish pay, plus the possibility of getting ripped off and the whole prison thing Malware developers and penetration testers are in high demand across dark web job posting sites, with a few astonishing – but mostly average…

Read more →

Perhaps a good time to check for unwelcome visitors The operators behind Gootloader, a crew dubbed UNC2565, have upgraded the code in cunning ways to make it more intrusive and harder to find.… This article has been indexed from The…

Read more →

No payment details exposed in breach, says retailer, but shoppers told to be ‘vigilant about potential scams’ Sports fashion retailer JD Sports has confirmed miscreants broke into a system that contained data on a whopping 10 million customers, but no…

Read more →

Mitigating the risks of human error in digital defenses Webinar  It’s a startling truth but 45 percent of workers in the US believe using public Wi-Fi is safe.… This article has been indexed from The Register – Security Read the…

Read more →

Also: a week of leaks; Riot Games says ‘LoL’ to source code ransom demands; and Yandex source also appears online in brief  Russian hackers have proved yet again how quickly cyber attacks can be used to respond to global events…

Read more →